I am thinking about encrypting some fields in a MySQL database using MySQL's encryption functions. I can't find any good sources on how to properly implement it. Has anyone done this and have a good tutorial on this?

I would like to implement a salt along with the encryption key. I have found out from the "mysql AES_ENCRYPT key length" post that AES_ENCRYPT is better off with a fixed-length key. Has anyone written a MySQL function for a key derivation algorithm?

You say "the tutorial doesn't go into enough depth at all." It seems to answer the question 'how to encrypt with mysql functions', so could you elaborate on what question it does not answer for you?
– Derek Downey, Nov 9 '11 at 18:58

I am looking for a similar tutorial that goes into more depth with security in mind. I would like it to cover implementation of a key derivation algorithm and securing the connection from client to server, as otherwise passwords would be sent across the network in the clear.
– dabest1, Nov 9 '11 at 19:16

If possible it's better to do the encryption/decryption away from the database. This will save your database CPU and makes it harder to gain unauthorized access to data.
– anttir, Nov 11 '11 at 16:31

+1 for anttir, unless it's an academic exercise, do the crypto in the application layer. This way, as a bonus, your data stays encrypted for longer (unless you need to decrypt your fields to run queries on them, which is an odd situation though).
– James Butler, Nov 20 '11 at 10:40

Can you describe what the problem you want to solve is please?
– gbn, Dec 27 '11 at 12:51

Thanks. The use case is actually different than a website authentication. We need to be able to encrypt and later decrypt the passwords stored. What would you recommend in that case?
– dabest1, Apr 23 '12 at 21:18